commit 1551fc5e7688fc64dfb0e2f4bf91a9e841d64b37 Author: Damian Johnson atagar@torproject.org Date: Sun Feb 26 16:41:51 2017 -0800
Replacing remaining references to pycrypto
Functionally was perfect. Just a few lingering pycrypto references. Also few doc tweaks and pycodestyle ignore clauses (version I use gave some notices). --- docs/change_log.rst | 1 + docs/faq.rst | 22 +++++++++++++++++++--- run_tests.py | 2 +- stem/descriptor/__init__.py | 2 +- stem/descriptor/hidden_service_descriptor.py | 7 ++++++- stem/descriptor/server_descriptor.py | 5 +++++ stem/prereq.py | 9 +++++---- test/mocking.py | 4 ++-- test/settings.cfg | 16 ++++++++-------- test/unit/descriptor/hidden_service_descriptor.py | 4 ++-- test/util.py | 4 ++-- 11 files changed, 52 insertions(+), 24 deletions(-)
diff --git a/docs/change_log.rst b/docs/change_log.rst
index edd5fa8..eccac73 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -50,6 +50,7 @@ The following are only available within Stem's `git repository
* **Descriptors**
+ * Moved from the deprecated `pycrypto https://www.dlitz.net/software/pycrypto/`_ module to `cryptography https://pypi.python.org/pypi/cryptography`_ for validating signatures (:trac:`21086`)
 * Sped descriptor reading by ~25% by deferring defaulting when validating
 * Support for protocol descriptor fields (:spec:`eb4fb3c`)
 * Shared randomness properties weren't being read in votes (:trac:`21102`)
diff --git a/docs/faq.rst b/docs/faq.rst
index a9e274c..69033d4 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -52,11 +52,27 @@ Does Stem have any dependencies?
**No.** All you need in order to use Stem is Python.
-When it is available Stem will use `pycrypto
-https://www.dlitz.net/software/pycrypto/`_ to validate descriptor signatures.
-However, there is no need to install pycrypto unless you need this
+When it is available Stem will use `cryptography
+https://pypi.python.org/pypi/cryptography`_ to validate descriptor signatures.
+However, there is no need to install cryptography unless you need this
 functionality.
+Note that if cryptography installation fails with...
+
+::
+
+ build/temp.linux-i686-2.7/_openssl.c:18:20: fatal error: Python.h: No such file or directory
+ compilation terminated.
+ error: command 'gcc' failed with exit status 1
+
+You need python-dev. For instance on Debian and Ubuntu you can install
+cryptography with...
+
+::
+
+ % sudo apt-get install python-dev
+ % sudo pip install cryptography
+
 .. _what_python_versions_is_stem_compatible_with:
What Python versions is Stem compatible with?
diff --git a/run_tests.py b/run_tests.py
index 39c44cb..bceade3 100755
--- a/run_tests.py
+++ b/run_tests.py
@@ -160,7 +160,7 @@ def main():
 Task('checking stem version', test.util.check_stem_version),
 tor_version_check,
 Task('checking python version', test.util.check_python_version),
- Task('checking pycrypto version', test.util.check_pycrypto_version),
+ Task('checking cryptography version', test.util.check_cryptography_version),
 Task('checking mock version', test.util.check_mock_version),
 Task('checking pyflakes version', test.util.check_pyflakes_version),
 Task('checking pycodestyle version', test.util.check_pycodestyle_version),
diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py
index 5a6ec44..6e8c5a4 100644
--- a/stem/descriptor/__init__.py
+++ b/stem/descriptor/__init__.py
@@ -563,7 +563,7 @@ class Descriptor(object):
 """
if not stem.prereq.is_crypto_available():
- raise ValueError('Generating the signed digest requires pycrypto')
+ raise ValueError('Generating the signed digest requires the cryptography module')
from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import load_der_public_key
diff --git a/stem/descriptor/hidden_service_descriptor.py b/stem/descriptor/hidden_service_descriptor.py
index 30754b8..ce3a134 100644
--- a/stem/descriptor/hidden_service_descriptor.py
+++ b/stem/descriptor/hidden_service_descriptor.py
@@ -199,6 +199,11 @@ class HiddenServiceDescriptor(Descriptor):
***** attribute is either required when we're parsed with validation or has a default value, others are left as **None** if undefined + + .. versionchanged:: 1.6.0 + Moved from the deprecated `pycrypto + https://www.dlitz.net/software/pycrypto/`_ module to `cryptography + https://pypi.python.org/pypi/cryptography`_ for validating signatures. """
ATTRIBUTES = {
@@ -270,7 +275,7 @@ class HiddenServiceDescriptor(Descriptor):
 return []
 elif authentication_cookie:
 if not stem.prereq.is_crypto_available():
- raise DecryptionFailure('Decrypting introduction-points requires pycrypto')
+ raise DecryptionFailure('Decrypting introduction-points requires the cryptography module')
try: missing_padding = len(authentication_cookie) % 4 diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index ca6a16b..3aa5fb0 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -703,6 +703,11 @@ class RelayDescriptor(ServerDescriptor): Added the ed25519_certificate, ed25519_master_key, ed25519_signature, onion_key_crosscert, ntor_onion_key_crosscert, and ntor_onion_key_crosscert_sign attributes. + + .. versionchanged:: 1.6.0 + Moved from the deprecated `pycrypto + https://www.dlitz.net/software/pycrypto/`_ module to `cryptography + https://pypi.python.org/pypi/cryptography`_ for validating signatures. """
ATTRIBUTES = dict(ServerDescriptor.ATTRIBUTES, **{ diff --git a/stem/prereq.py b/stem/prereq.py index bf935b4..585b619 100644 --- a/stem/prereq.py +++ b/stem/prereq.py @@ -6,7 +6,7 @@ Checks for stem dependencies. We require python 2.6 or greater (including the 3.x series), but note we'll be bumping our requirements to python 2.7 in stem 2.0. Other requirements for complete functionality are...
-* pycrypto module
+* cryptography module
* validating descriptor signature integrity
@@ -14,7 +14,7 @@ Checks for stem dependencies. We require python 2.6 or greater (including the
check_requirements - checks for minimum requirements for running stem
 is_python_3 - checks if python 3.0 or later is available
- is_crypto_available - checks if the pycrypto module is available
+ is_crypto_available - checks if the cryptography module is available
 """
import inspect
@@ -26,7 +26,7 @@ try:
 except ImportError:
 from stem.util.lru_cache import lru_cache
-CRYPTO_UNAVAILABLE = "Unable to import the pycrypto module. Because of this we'll be unable to verify descriptor signature integrity. You can get pycrypto from: https://www.dlitz.net/software/pycrypto/"
+CRYPTO_UNAVAILABLE = "Unable to import the cryptography module. Because of this we'll be unable to verify descriptor signature integrity. You can get cryptography from: https://pypi.python.org/pypi/cryptography"
def check_requirements(): @@ -88,7 +88,8 @@ def is_crypto_available(): Checks if the cryptography functions we use are available. This is used for verifying relay descriptor signatures.
- :returns: **True** if we can use pycrypto and **False** otherwise
+ :returns: **True** if we can use the cryptography module and **False**
+ otherwise
 """
from stem.util import log
diff --git a/test/mocking.py b/test/mocking.py
index 8babe76..c293cf0 100644
--- a/test/mocking.py
+++ b/test/mocking.py
@@ -710,8 +710,8 @@ def sign_descriptor_content(desc_content):
 """
 Add a valid signature to the supplied descriptor string.
- If pycrypto is available the function will generate a key pair, and use it to - sign the descriptor string. Any existing fingerprint, signing-key or + If cryptography is available the function will generate a key pair, and use + it to sign the descriptor string. Any existing fingerprint, signing-key or router-signature data will be overwritten. If the library's unavailable the code will return the unaltered descriptor.
diff --git a/test/settings.cfg b/test/settings.cfg
index f9c6c62..c8172f6 100644
--- a/test/settings.cfg
+++ b/test/settings.cfg
@@ -144,14 +144,14 @@ pyflakes.ignore stem/__init__.py => undefined name 'long'
 pyflakes.ignore stem/__init__.py => undefined name 'unicode'
 pyflakes.ignore stem/control.py => undefined name 'controller'
 pyflakes.ignore stem/manual.py => undefined name 'unichr'
-pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_to_bytes' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_from_bytes' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.default_backend' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.serialization.load_der_public_key' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.modes' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.Cipher' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.algorithms' imported but unused
-pyflakes.ignore stem/prereq.py => 'unittest.mock' imported but unused
+pyflakes.ignore stem/prereq.py => 'int_to_bytes' imported but unused
+pyflakes.ignore stem/prereq.py => 'int_from_bytes' imported but unused
+pyflakes.ignore stem/prereq.py => 'default_backend' imported but unused
+pyflakes.ignore stem/prereq.py => 'load_der_public_key' imported but unused
+pyflakes.ignore stem/prereq.py => 'modes' imported but unused
+pyflakes.ignore stem/prereq.py => 'Cipher' imported but unused
+pyflakes.ignore stem/prereq.py => 'algorithms' imported but unused
+pyflakes.ignore stem/prereq.py => 'unittest' imported but unused
 pyflakes.ignore stem/interpreter/__init__.py => undefined name 'raw_input'
 pyflakes.ignore stem/util/conf.py => undefined name 'unicode'
 pyflakes.ignore stem/util/test_tools.py => 'pyflakes' imported but unused
diff --git a/test/unit/descriptor/hidden_service_descriptor.py b/test/unit/descriptor/hidden_service_descriptor.py
index 7b37ef0..74a0974 100644
--- a/test/unit/descriptor/hidden_service_descriptor.py
+++ b/test/unit/descriptor/hidden_service_descriptor.py
@@ -273,7 +273,7 @@ class TestHiddenServiceDescriptor(unittest.TestCase):
 """
if not stem.prereq.is_crypto_available():
- return test.runner.skip(self, 'requires pycrypto')
+ return test.runner.skip(self, 'requires cryptography')
descriptor_file = open(get_resource('hidden_service_basic_auth'), 'rb')
@@ -322,7 +322,7 @@ class TestHiddenServiceDescriptor(unittest.TestCase):
 """
if not stem.prereq.is_crypto_available():
- return test.runner.skip(self, 'requires pycrypto')
+ return test.runner.skip(self, 'requires cryptography')
descriptor_file = open(get_resource('hidden_service_stealth_auth'), 'rb')
diff --git a/test/util.py b/test/util.py
index 1b50369..ce1f8e8 100644
--- a/test/util.py
+++ b/test/util.py
@@ -22,7 +22,7 @@ Tasks are...
 |- check_stem_version - checks our version of stem
 |- check_tor_version - checks our version of tor
 |- check_python_version - checks our version of python
- |- check_pycrypto_version - checks our version of pycrypto
+ |- check_cryptography_version - checks our version of cryptography
 |- check_pyflakes_version - checks our version of pyflakes
 |- check_pycodestyle_version - checks our version of pycodestyle
 |- clean_orphaned_pyc - removes any *.pyc without a corresponding *.py
@@ -214,7 +214,7 @@ def check_python_version():
 return '.'.join(map(str, sys.version_info[:3]))
-def check_pycrypto_version():
+def check_cryptography_version():
 if stem.prereq.is_crypto_available():
 import Crypto
 return Crypto.__version__
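Review bot: The renamed `check_cryptography_version()` still runs `import Crypto` and returns `Crypto.__version__`, which is pycrypto's package rather than cryptography's. On a host with cryptography but no pycrypto, the import would raise ImportError right after `is_crypto_available()` succeeds, assuming that check now probes for cryptography; where both are installed the task reports the wrong library's version. The two context lines should become `import cryptography` and `return cryptography.__version__`. The rest of the function lies outside this hunk, so confirm it needs no matching change.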